Exam AWS Certified Developer - Associate DVA-C02 topic 1 question 106 discussion

The AWSLambdaVPCAccessExecutionRole policy allows the Lambda function to create elastic network interfaces (ENIs) in the VPC and use the security groups attached to those ENIs for controlling inbound and outbound traffic.

B: This option ensures that the Lambda functions have the necessary permissions to access resources within the VPC and that the RDS security group is configured to allow inbound access from the Lambda functions. D: Reason for eliminating this is creating an interface VPC endpoint and configuring the endpoint policy is unnecessary for this scenario as it complicates the setup without addressing the VPC access requirements directly.

Lambda functions need to run inside the VPC to access resources like the RDS instance, which is located within the private subnet. The AWSLambdaVPCAccessExecutionRole policy is required for Lambda functions to connect to resources inside a VPC. This policy allows Lambda functions to use Elastic Network Interfaces (ENIs) to connect to the VPC. The security group associated with the RDS instance must allow inbound connections from the Lambda function's security group.

B is the correct answer.

This is the correct solution. The AWSLambdaVPCAccessExecutionRole policy includes permissions that allow the Lambda function to access resources within a VPC, such as an RDS instance. Additionally, modifying the RDS security group to allow inbound access from the Lambda security group is necessary to enable network connectivity between the Lambda functions and the RDS instance.

https://docs.aws.amazon.com/lambda/latest/dg/lambda-intro-execution-role.html

Answer : D

While Lambda functions cannot run directly in private subnets, they can be configured to access resources within a VPC by creating a VPC endpoint for Lambda. AWS Lambda supports VPC Endpoints for Lambda, which allow Lambda functions to securely access resources within a VPC without needing to traverse the public internet. You should attach the AWSLambdaVPCAccessExecutionRole policy to your Lambda execution role to enable it to create network interfaces in your VPC for accessing resources. By configuring an interface VPC endpoint for Lambda, you can enable the Lambda function to communicate with resources within the private subnet and the RDS instance.

https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AWSLambdaVPCAccessExecutionRole.html https://docs.aws.amazon.com/lambda/latest/dg/lambda-intro-execution-role.html

ans- opt d Option A does not allow Lambda functions to access resources in the VPC. Option B does not create an interface VPC endpoint, which means that Lambda functions will be exposed to the public internet. Option C does not configure the interface endpoint policy to allow the lambda:InvokeFunction action, which means that Lambda functions will not be able to invoke each other.